PYSEC-2026-924

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/soappy/PYSEC-2026-924.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-924
Aliases
Published
2026-07-06T08:03:26.244644Z
Modified
2026-07-07T11:45:50.975296502Z
Summary
SOAPpy vulnerable to XML External Entity attacks
Details

SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

Affected packages

PyPI / soappy

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.12.5

Affected versions

0.*
0.12.1
0.12.3
0.12.4
0.12.5

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/soappy/PYSEC-2026-924.yaml"